Complete the code to specify the SSL certificate file for the server block.
server {
listen 443 ssl;
server_name example.com;
ssl_certificate [1];
}The ssl_certificate directive must point to the SSL certificate file, which usually ends with .crt or .pem.
Complete the code to specify the SSL private key file for the server block.
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key [1];
}The ssl_certificate_key directive must point to the private key file, which usually ends with .key.
Fix the error in the listen directive to enable SNI for multiple SSL certificates.
server {
listen [1];
server_name site1.example.com;
ssl_certificate /etc/nginx/ssl/site1.crt;
ssl_certificate_key /etc/nginx/ssl/site1.key;
}To support SNI and HTTP/2, the listen directive should include ssl and http2 options.
Fill both blanks to configure two server blocks for different domains using SNI.
server {
listen 443 ssl http2 [1];
server_name site1.example.com;
ssl_certificate /etc/nginx/ssl/site1.crt;
ssl_certificate_key /etc/nginx/ssl/site1.key;
}
server {
listen 443 ssl http2 [2];
server_name site2.example.com;
ssl_certificate /etc/nginx/ssl/site2.crt;
ssl_certificate_key /etc/nginx/ssl/site2.key;
}The reuseport option allows multiple sockets to listen on the same port, which helps with load balancing and SNI.
Fill all three blanks to create a map for selecting SSL certificates based on the server name.
map $ssl_server_name $ssl_cert {
default [1];
site1.example.com [2];
site2.example.com [3];
}
map $ssl_server_name $ssl_key {
default /etc/nginx/ssl/default.key;
site1.example.com /etc/nginx/ssl/site1.key;
site2.example.com /etc/nginx/ssl/site2.key;
}
server {
listen 443 ssl http2;
ssl_certificate $ssl_cert;
ssl_certificate_key $ssl_key;
}The map directive assigns the correct SSL certificate file based on the requested server name, enabling SNI to serve multiple certificates.